34 matches found

RedhatCVE
added 2026/06/05 7:35 p.m. | 9 views

CVE-2026-32885

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...

CVSS 9.1 | AI score 5.6 | EPSS 0.00418
Exploits 3 | References 1
CNNVD
added 2026/03/24 12:0 a.m. | 11 views

LiteIDE security vulnerability

LiteIDE X is a Go language code development tool developed by Seven Leaf individuals. Previous versions of LiteIDE X, such as 38.4, contained security vulnerabilities. These vulnerabilities were caused by inconsistent interpretation of HTTP requests, which could lead to issues with the http...

CVSS 6.3 | AI score 5.9 | EPSS 0.00207
Exploits 0 | References 1
OSV
added 2026/01/13 3:11 p.m. | 4 views

GHSA-524M-Q5M7-79MM Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary: The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

CVSS 6.5 | AI score 6.5 | EPSS 0.00208
Exploits 2 | References 4
CNNVD
added 2025/12/18 12:0 a.m. | 5 views

Arduino IDE security vulnerability

Arduino IDE is an Arduino open source development tool. A security vulnerability exists in Arduino IDE versions prior to 2.3.7, which stems from a misconfiguration of security permissions and could result in bypassing macOS hardened runtime protections...

CVSS 4.8 | AI score 6.5 | EPSS 0.00106
Exploits 0 | References 5
OSV
added 2025/11/26 7:35 p.m. | 3 views

GHSA-Q279-JHRF-CC6V Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Summary: Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...

CVSS 9.4 | AI score 7.5 | EPSS 0.00338
Exploits 0 | References 9
Github Security Blog
added 2025/11/26 7:35 p.m. | 8 views

Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Summary: Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...

CVSS 9.4 | AI score 7.5 | EPSS 0.00338
Exploits 0 | References 9 | Affected Software 1
Gitee
added 2025/09/06 12:11 a.m. | 150 views

Garden

This is a repository for the Garden development tool, which automates workflows for Kubernetes application development and testing. The repository contains various configuration files, including .chglog/CHANGELOG.tpl.md, .circleci/config.yml, .circleci/continue-config.yml, and others. These files...

AI score 7.3
Exploits 0
RedhatCVE
added 2025/05/23 10:44 a.m. | 11 views

CVE-2024-46988

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to...

CVSS 5.7 | AI score 6.7 | EPSS 0.00328
Exploits 1
BDU FSTEC
added 2025/04/11 12:0 a.m. | 6 views

The vulnerability of the Microsoft Visual Studio software development tool, related to access control deficiencies, allows attackers to escalate their privileges.

The vulnerability of the Microsoft Visual Studio software development tool is related to lack of access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.3 | AI score 7.6 | EPSS 0.01134
Exploits 0 | References 3 | Affected Software 1
Fedora
added 2025/03/28 3:6 p.m. | 12 views

[SECURITY] Fedora 41 Update: nodejs-nodemon-3.1.9-3.fc41

Simple monitor script for use during development of a node.js app. For use during development of a node.js based application. nodemon will watch the files in the directory in which nodemon was started, and if any files change, nodemon will automatically restart your node application. nodemon does...

CVSS 7.5 | AI score 7.9 | EPSS 0.01471
Exploits 1
Fedora
added 2025/03/28 2:49 p.m. | 19 views

[SECURITY] Fedora 40 Update: nodejs-nodemon-3.1.9-3.fc40

Simple monitor script for use during development of a node.js app. For use during development of a node.js based application. nodemon will watch the files in the directory in which nodemon was started, and if any files change, nodemon will automatically restart your node application. nodemon does...

CVSS 7.5 | AI score 7.9 | EPSS 0.01471
Exploits 1
Fedora
added 2025/03/28 12:20 a.m. | 27 views

[SECURITY] Fedora 42 Update: nodejs-nodemon-3.1.9-4.fc42

Simple monitor script for use during development of a node.js app. For use during development of a node.js based application. nodemon will watch the files in the directory in which nodemon was started, and if any files change, nodemon will automatically restart your node application. nodemon does...

CVSS 7.5 | AI score 7.9 | EPSS 0.01471
Exploits 1
Redos
added 2024/10/22 12:0 a.m. | 11 views

ROS-20241021-03

Vulnerability of the tic4x_print_cond function of the opcodes/tic4x-dis.c component of the GNU development tool Binutils is related to memory initialization errors. Exploitation of the vulnerability allows an attacker, acting remotely, to gain access to confidential data...

CVSS 7.5 | AI score 7.3 | EPSS 0.00659
Exploits 1
Redos
added 2024/07/19 12:0 a.m. | 24 views

ROS-20240719-04

A vulnerability in the Microsoft .NET software platform and the Microsoft Visual Studio software development tool is related to use of memory after release (use-after-free). Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability...

CVSS 8.1 | AI score 6.7 | EPSS 0.02915
Exploits 0
OSV
added 2024/05/30 1:0 p.m. | 24 views

GHSA-V35G-4RRW-H4FW Symfony Cross-Site Request Forgery vulnerability in the Web Profiler

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...

CVSS 8.1 | AI score 6.7 | EPSS 0.01485
Exploits 0 | References 6
Redos
added 2023/11/21 12:0 a.m. | 51 views

ROS-20231115-04

Visual Studio Code source code editor vulnerability related to improper control of code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code. Visual Studio Code source code editor vulnerability is related to insufficient protection of...

CVSS 7.8 | AI score 7.8 | EPSS 0.67469
Exploits 3
BDU FSTEC
added 2023/05/04 12:0 a.m. | 5 views

The vulnerability in the `pkgconf_tuple_parse` function (libpkgconf/tuple.c) of the pkgconf development tool, which is used for configuring compiler and assembler flags for development libraries. This vulnerability allows an attacker to cause a service failure.

The vulnerability of the pkgconf_tuple_parse function in the library for configuring compiler and assembler flags for the pkgconf development tool is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a system failu...

CVSS 5.5 | AI score 6.2 | EPSS 0.00516
Exploits 1 | References 10 | Affected Software 5
BDU FSTEC
added 2023/02/27 12:0 a.m. | 6 views

The vulnerability of Microsoft Visual Studio, a software development tool, stems from insufficient validation of input data. This allows attackers to trigger service failures.

The vulnerability of the Microsoft Visual Studio software development tool is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 5.6 | AI score 6.7 | EPSS 0.00799
Exploits 0 | References 2 | Affected Software 3
OSV
added 2021/08/20 7:15 p.m. | 4 views

CVE-2021-36011

Adobe Illustrator version 25.2.3 and earlier is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of th...

CVSS 7.8 | AI score 6.5
Exploits 0 | References 1
NVD
added 2020/10/16 5:15 p.m. | 29 views

CVE-2020-15157

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign...

CVSS 6.1 | EPSS 0.02209
Exploits 1 | References 5